Lucene search
K

8262 matches found

CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

WordPress plugin Kali Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References5
NVD
NVD
added 2026/02/17 5:16 a.m.8 views

CVE-2026-2002

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS0.00154EPSS
Exploits1References2
CVE
CVE
added 2026/02/17 4:35 a.m.28 views

CVE-2026-2002

CVE-2026-2002 is a Stored Cross-Site Scripting vulnerability in Forminator Forms – Contact Form, Payment Form & Custom Form Builder for WordPress. It affects all versions up to and including 1.50.2 and arises from insufficient input sanitization and output escaping of the form_name parameter. Wit...

4.4CVSS5.7AI score0.00154EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/17 4:35 a.m.4 views

CVE-2026-2002

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.7AI score0.00154EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/17 4:35 a.m.38 views

CVE-2026-2002 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS0.00154EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/17 4:35 a.m.5 views

CVE-2026-2002 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.7AI score0.00154EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.9 views

WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4CVSS5.7AI score0.00154EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-8396

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.7AI score0.00154EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/02/16 10:34 p.m.9 views

WordPress Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

WordPress Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin = 1.50.2 - Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Tiến Dũng Nguyễn in WordPress Plugin Forminator versions = 1.50.2...

4.4CVSS5.5AI score0.00154EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 6:43 p.m.9 views

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription' vulnerability

Missing Authorization in 'ptcancelsubscription' vulnerability discovered by WordFence in WordPress Plugin Paytium versions = 4.3.7...

5.4CVSS5.5AI score0.00304EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/16 9:30 a.m.4 views

EUVD-2026-6123

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

4.3CVSS5.6AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/02/16 7:17 a.m.5 views

CVE-2026-0929

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

4.3CVSS0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.8 views

Kubysoft 跨站脚本漏洞

Kubysoft is an IT asset management software developed by the Spanish company Kubysoft. Kubysoft has a cross-site scripting vulnerability. This vulnerability stems from multiple parameters in the /forms/app endpoint, which are vulnerable to storage-based cross-site scripting attacks. This may allo...

5.4CVSS5.6AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.8 views

PT-2026-8313

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

5.6AI score0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.10 views

CVE-2026-2022

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/02/14 7:16 a.m.8 views

CVE-2026-2022

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00252EPSS
Exploits0References3
CVE
CVE
added 2026/02/14 6:42 a.m.21 views

CVE-2026-2022

CVE-2026-2022 concerns WordPress plugin Smart Forms. The vulnerability is a missing capability check on the AJAX action rednao_smart_forms_get_campaigns, affecting all versions up to and including 2.6.99. This allows authenticated attackers with Subscriber-level access and above to retrieve donat...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.3 views

CVE-2026-2022 Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.4 views

CVE-2026-2022

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.25 views

CVE-2026-2022 Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00252EPSS
Exploits0References3
Rows per page
Query Builder